CVE-2026-6713
MEDIUM
5,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none
Description
AI Translation Available
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an unauthorized user to enumerate private projects due to incorrect authorization checks.
863
Incorrect Authorization
IncompleteCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Access Control
Availability
Potential Impacts:
Read Application Data
Read Files Or Directories
Modify Application Data
Modify Files Or Directories
Gain Privileges Or Assume Identity
Bypass Protection Mechanism
Execute Unauthorized Code Or Commands
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Dos: Resource Consumption (Other)
Applicable Platforms
Technologies:
Web Server, Database Server, Not Technology-Specific
Application
Gitlab by Gitlab
CPE Identifier
View Detailed Analysis
cpe:2.3:a:gitlab:gitlab:19.0.0:*:*:*:enterprise:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Gitlab by Gitlab
Version Range Affected
From
18.2.0
(inclusive)
To
18.10.7
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Gitlab by Gitlab
Version Range Affected
From
18.2.0
(inclusive)
To
18.10.7
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Gitlab by Gitlab
Version Range Affected
From
18.11.0
(inclusive)
To
18.11.4
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Gitlab by Gitlab
Version Range Affected
From
18.11.0
(inclusive)
To
18.11.4
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Gitlab by Gitlab
CPE Identifier
View Detailed Analysis
cpe:2.3:a:gitlab:gitlab:19.0.0:*:*:*:community:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://about.gitlab.com/releases/2026/05/27/patch-release-gitlab-19-0-1-releas…
https://gitlab.com/gitlab-org/gitlab/-/work_items/597490
https://hackerone.com/reports/3644605